You are here

GoLang Vulnerabilities Fixed in Version 1.20.5

CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405

GoLang released version 1.20.5 fixing 4 vulnerabilities [1].

Details CVE-2023-29403:

Binaries run with the setuid/setgid bits can in certain cases result in unexpected content being read or written with elevated privileges.

Airlock Gateway and Airlock Microgateway do not use the setuid/setgid bits and are therefore not affected.

Details CVE-2023-29402, CVE-2023-29404, CVE-2023-29405:

Build time vulnerabilities related to GoLang's cgo.
The go command may execute arbitrary code at build time when using cgo.
This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code, and cgo is enabled.

Since cgo is disabled in Airlock Gateway and Airlock Microgateway, they are not affected.

Airlock Gateway and Airlock Microgateway are not affected.


No action required.

Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock